Bug #35496 Segfault in mcrypt_generic()
Submitted: 2005-11-30 19:15 UTC Modified: 2005-12-01 00:54 UTC
From: iblue at gmx dot net Assigned: ilia
Status: Closed Package: mcrypt related
PHP Version: 5.1.1 OS: Linux 2.6.14-iblue0
Private report: No CVE-ID:
 [2005-11-30 19:15 UTC] iblue at gmx dot net
Description:
------------
php segfaults when executing the reproduce code.

Reproduce code:
---------------
<?php
  $x = "foobar";
  
  $td = mcrypt_module_open('rijndael-256', '', 'ofb', '');
  $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_DEV_RANDOM);
  $ks = mcrypt_enc_get_key_size($td);

  $key = md5("foobar");
  
  $encrypted = mcrypt_generic($td, $x);
?>

Expected result:
----------------
No output and a clean exit.

Actual result:
--------------
(gdb) run -q bug.php
Starting program: /home/iblue/src/php-5.1.1/sapi/cli/php -q bug.php
[Thread debugging using libthread_db enabled]
[New Thread -1214781760 (LWP 17768)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1214781760 (LWP 17768)]
0xb7f22b70 in mcrypt_mutex_register () from /usr/lib/libmcrypt.so.4
(gdb) bt
#0  0xb7f22b70 in mcrypt_mutex_register () from /usr/lib/libmcrypt.so.4
#1  0xb7f20203 in mcrypt_enc_get_algorithms_name () from /usr/lib/libmcrypt.so.4
#2  0xb7f1f197 in mcrypt_generic () from /usr/lib/libmcrypt.so.4
#3  0x080ec88b in zif_mcrypt_generic (ht=2, return_value=0x84f17bc, return_value_ptr=0x0, this_ptr=0x0,
    return_value_used=1, tsrm_ls=0x83ed018) at /home/iblue/src/php-5.1.1/ext/mcrypt/mcrypt.c:489
#4  0x0825d2cd in zend_do_fcall_common_helper_SPEC (execute_data=0xbfacdc48, tsrm_ls=0x83ed018)
    at /home/iblue/src/php-5.1.1/Zend/zend_vm_execute.h:188
#5  0x082630bf in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xbfacdc48, tsrm_ls=0x83ed018)
    at /home/iblue/src/php-5.1.1/Zend/zend_vm_execute.h:1578
#6  0x0825cbfc in execute (op_array=0x84fc0ac, tsrm_ls=0x83ed018) at /home/iblue/src/php-5.1.1/Zend/zend_vm_execute.h:88
#7  0x08238816 in zend_execute_scripts (type=8, tsrm_ls=0x83ed018, retval=0x0, file_count=3)
    at /home/iblue/src/php-5.1.1/Zend/zend.c:1090
#8  0x081fc32b in php_execute_script (primary_file=0xbfacffe4, tsrm_ls=0x83ed018)
    at /home/iblue/src/php-5.1.1/main/main.c:1704
#9  0x082e26ca in main (argc=3, argv=0xbfad0084) at /home/iblue/src/php-5.1.1/sapi/cli/php_cli.c:1039


 [2005-11-30 21:31 UTC] iliaa@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

The problem is due to you attempting to encrypt a string without calling the mcrypt_generic_init() function first.
 [2005-11-30 21:50 UTC] iblue at gmx dot net
You are right, I have not read the manual and thought this 
would be a "real" bug.
But, in my opinion, when php crashes it is a bug, regardless 
of what I did.

It would be nice to have a warning or an error instead of a 
segfault.
 [2005-11-30 21:57 UTC] tony2001@php.net
After a short discussion we decided to work around this segfault.
Assigned to Ilia, he's working on the patch.
 [2005-12-01 00:54 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
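
Added example, not part of the original thread or of PHP's own code: the call order the maintainer's reply refers to, using the algorithm and mode from the reproduce code, with the descriptor initialised before every mcrypt_generic()/mdecrypt_generic() call and the return value of mcrypt_generic_init() checked. The helper names `init_or_fail` and `ofb_roundtrip` are hypothetical, and MCRYPT_DEV_URANDOM is swapped in for the report's MCRYPT_DEV_RANDOM.

```php
<?php
// Requires ext/mcrypt (bundled with PHP 5.x; removed from core in PHP 7.2).

// Hypothetical helper: initialise the descriptor or fail loudly.
// mcrypt_generic_init() returns false or a negative value on error.
function init_or_fail($td, $key, $iv)
{
    $rc = mcrypt_generic_init($td, $key, $iv);
    if ($rc === false || $rc < 0) {
        mcrypt_module_close($td);
        throw new RuntimeException(
            'mcrypt_generic_init() failed: ' . var_export($rc, true));
    }
}

// Hypothetical helper: encrypt, then decrypt, with a fresh init each time.
function ofb_roundtrip($plaintext, $key)
{
    $td = mcrypt_module_open('rijndael-256', '', 'ofb', '');
    if ($td === false) {
        throw new RuntimeException('mcrypt_module_open() failed');
    }

    // URANDOM instead of the report's MCRYPT_DEV_RANDOM, which can block.
    $iv  = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_DEV_URANDOM);
    // Trim the key to the largest size the cipher accepts.
    $key = substr($key, 0, mcrypt_enc_get_key_size($td));

    // The step missing from the reproduce code: init before encrypting.
    init_or_fail($td, $key, $iv);
    $ciphertext = mcrypt_generic($td, $plaintext);
    mcrypt_generic_deinit($td);

    // Same key and IV again before decrypting.
    init_or_fail($td, $key, $iv);
    $decrypted = mdecrypt_generic($td, $ciphertext);
    mcrypt_generic_deinit($td);
    mcrypt_module_close($td);

    return array($ciphertext, $decrypted);
}

// Constructed sample input, taken from the reproduce code's literals.
list($ciphertext, $decrypted) = ofb_roundtrip('foobar', md5('foobar'));
var_dump($decrypted === 'foobar');
```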


 
Last updated: Sun Apr 20 21:01:56 2014 UTC